Credit Card Tokenization

Credit card tokenization replaces the credit card number defined for a credit card payment method with a token provided by the authorization service. Storing a token, rather than the actual credit card number, in the CWDirect database helps you follow PCI compliance and maximize the security of sensitive data.

Tokens are unique identification symbols that retain all the essential information for a credit card number without compromising its security. A token typically contains only the last four digits of a card number, with the rest of the token consisting of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction being processed.

Encryption: To further secure credit card data, use credit card encryption to encrypt the value (whether it is the actual credit card number or a token) stored in the Credit card number field in the CWDirect database, and follow the recommended guidelines for data security; see Using Credit Card Encryption and Data Security. Note: You must complete the required Credit Card Encryption Installation and Setup to encrypt the credit card number BEFORE you start using credit card tokenization.

Supported integrations: Credit card tokenization is available for the following integrations:

• Litle integration with CWDirect using the version 2.0 cw_litle site. See the Litle Integration with CWDirect Reference for processing details.

• Chase Paymentech Orbital Gateway Integration

In this topic:

Tokenization Setup

Credit Card Tokenization Process

Credit Card Tokenization During Authorization Processing

Work with Batch Tokenization (WBTK)

Tokenization: Sample Messages

Register Token Request XML Message

Register Token Response XML Message

Tokenization Setup

Before you can use tokenization, you must complete the required setup.

Tokenization Authorization Service

Tokenization System Control Values

CC_TOKEN Integration Layer Process

Cleaning up CWDirect Files Before Implementing Tokenization

Replacing Credit Card Numbers on Existing Orders and Customer Memberships

Tokenization Authorization Service

Use Defining Authorization Services (WASV) to define the authorization service that performs credit card tokenization.

The Use Tokenization field defines whether the authorization service uses the Credit Card Tokenization Process to replace the credit card number on a credit card payment with a token. Valid values are:

Y = The authorization service uses the Credit Card Tokenization Process.

N (default) = The authorization service does not use the Credit Card Tokenization Process.

Note: Credit card tokenization is available for the following integrations:

• Litle integration with CWDirect using the version 2.0 cw_litle site. See the Litle Integration with CWDirect Reference for processing details.

• Chase Paymentech Orbital Gateway Integration

Tokenization System Control Values

System Control Value

Description

Require Credit Card Token (L40)

Enter Y in this field to require a token for a credit card number. This ensures that credit card numbers are never stored in the CWDirect database, in keeping with full PCI compliance and maximum security of sensitive data.

If the Credit Card Tokenization Process is unable to replace the card number with a token, the system:

• During Order Entry/Maintenance, Customer Memberships, and Change Invoice Payment Method: displays the Tokenization Warning window, requiring you to enter a different form of payment.

• During web order processing: replaces the credit card number with the text TOKENIZATION FAILED and places the order in an error status with the reason Invalid Credit Card. You can correct the credit card payment method and resend the card for tokenization in batch order entry.

Enter N or leave this field blank to allow the system to accept a credit card number that has not been replaced with a token. The credit card number will be replaced by a token during authorization processing or when you use Work with Batch Tokenization (WBTK).

Note: If you change the setting of this system control value, you must stop and restart the ORDER_IN integration layer job before your change takes effect for orders received through the Generic Order Interface (Order API).

Tokenization IJCT Job (L41)

Enter the Process ID for the integration layer job used to transmit Register Token messages between CWDirect and the authorization service during the Credit Card Tokenization Process. The delivered job is CC_TOKEN.

CC_TOKEN Integration Layer Process

Use Working with Integration Layer Processes (IJCT) to set up the CC_TOKEN job.

The CC_TOKEN job is a delivered interactive job used to route the Register Token messages to the correct MQ queues and to identify how long to wait for a Register Token Response from the authorization service.

Note: You can define only one set of queues (outbound and inbound) for the CC_TOKEN job, which means you can only use a single authorization service to perform credit card tokenization.

When you define the queues, make sure you select the Enabled field and define a Wait time.

Enter CC_TOKEN in the Tokenization IJCT Job (L41) system control value.

Outbound XML version: Because the CC_TOKEN integration layer process is an interactive job, you must define its outbound XML version in the CCAUTH_BTH (Batch Authorization) and CCAUTH_ONL (Online Authorization) integration layer processes. To include the tokenized tag in the Authorization Request XML Message (CWAuthorizationRequest), set the outbound XML version for the CCAUTH_BTH and CCAUTH_ONL processes to version 5.0 or later.

Cleaning up CWDirect Files Before Implementing Tokenization

Before implementing credit card tokenization, you should clean up any unneeded data in the CWDirect files. This will shorten the batch tokenization process.

CWDirect File

How to Clean

Customer Sold To BML (OECSBM)

Perform a customer sold to merge/purge using Working with Merge/Purge Sold-to Names (MMCS).

Customer Sold To Ord History (CSTOOH)

Customer Membership (OECSMP)

Customer Ship To Ord History (CSHORH)

CC Deposit History (CCDPHI)

Purge orders using Purging Orders (MPOR, FORP, VORP, DORP).

Invoice Payment Method (CSINVP)

Order Payment Method (OEPAYM)

Stored Value Card (OESVCD)

Order Payment History (OEPAYH)

Order Ship To Data Queue (OESTDQ)

RA Exch Payment Method (CSRAPM)

Store Pickup Payment (MLPSBP)

Use the ILR0026 periodic function to purge store pickup records older than the number of days specified with the Store Pickup/Shipment Request Purge Days (I43) system control value.

On Line Authorization (CCOLAT)

Perform credit card authorization against orders that contain a pay category 2 pay type that requires authorization.

For online authorizations, you can use order maintenance or Performing Batch Authorization (SATH).

For batch authorizations, you can use Working with Pick Slip Generation (WPSG).

CC Authorization Trans (CCAT00)

Authorization Hist Print (AUTHPT)

CC Deposit Transaction (CCDP00)

Use Processing Auto Deposits (SDEP) to process deposits.

Replacing Credit Card Numbers on Existing Orders and Customer Memberships

Before you start using credit card tokenization, you should first replace the credit card number on any existing orders and customer memberships. Use the Work with Batch Tokenization (WBTK) menu option to submit the batch tokenization process for a range of orders and for any existing customer memberships that contain a credit card number.

For more information: See Guidelines for Data Security to follow the recommended guidelines for data security.

Credit Card Tokenization Process

Determining Whether a Pay Type is Eligible for Tokenization

A pay type is eligible for tokenization if:

• The Use Tokenization field for the authorization service defined for the pay type is set to Y.

• The credit card number has not been replaced with a token.

To determine whether the credit card number has been replaced with a token:

Order Entry, Order Maintenance, Batch Order Entry

The system looks at the Tokenized field in the Order Payment Method file to determine if the Credit card number is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number.

Order API

The system looks at the already_tokenized tag in the Inbound Order XML Message (CWORDERIN) to determine if the number in the cc_number tag is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number.

Customer Membership

The system looks at the Tokenized field in the Customer Membership file to determine if the Credit card number is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number.

Invoice Payment Method

The system looks at the Tokenized field in the Order Payment Method file to determine if the Credit card number is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number. However, the credit card is eligible for tokenization regardless of whether the credit card number for the invoice payment method was previously tokenized.

Batch Tokenization

For orders, the system looks at the Tokenized field in the Order Payment Method file to determine if the Credit card number is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number.

For customer memberships, the system looks at the Tokenized field in the Customer Membership file to determine if the Credit card number is the actual credit card number or a token. Y indicates the number is a token; otherwise the number is the actual credit card number.

Sending a Credit Card for Tokenization

CWDirect calls the tokenization process for eligible credit cards at the following points:

Order Entry

When you add a credit card pay type on the Enter Credit Card For Window (Credit Card Payment Type), Enter Payment Method Screen, or Work with Order/Recap Screen.

Order Maintenance, Batch Order Entry

When you add a credit card pay type on the Enter Payment Methods Screen.

Order API

When CWDirect receives an Inbound Order XML Message (CWORDERIN) through the Generic Order Interface (Order API) and the already_tokenized tag for the credit card payment is N or blank.

Customer Membership

When you add or change the credit card number assigned to a membership on the Customer Membership Screen (Change Mode).

Invoice Payment Method

When you change the credit card number on the Change Credit Card For window for an invoice payment method; see Changing Credit Card Information for an Invoice Payment Method.

Batch Tokenization

When you press F9 on the Batch Tokenization Screen.

When the tokenization process is called, CWDirect:

1. Stores the credit card number in memory.

2. Performs updates prior to sending the credit card number for tokenization:

Order Entry, Order Maintenance, Batch Order Entry, Batch Tokenization

Updates the record in the Order Payment Method file:

Last 4: Contains the last four digits of the actual credit card number in order to verify the card with the customer.

Bin: Contains the first six digits of the actual credit card number in order to perform Level II and III Discounting on the card during deposit processing.

Order API

Updates the record in the Order Payment Method file:

Last 4: Contains the last four digits of the actual credit card number in order to verify the card with the customer. The system updates this field using the value in the cc_last_four tag; if this tag is blank, the system updates this field with the last four positions of the number in the cc_number tag before it is tokenized.

Bin: Contains the first six digits of the actual credit card number in order to perform Level II and III Discounting on the card during deposit processing. The system updates this field using the value in the cc_bin tag; if this tag is blank, the system updates this field with the first six positions of the number in the cc_number tag before it is tokenized.

Customer Membership

Updates the record in the Customer Membership file:

Last 4: Contains the last four digits of the actual credit card number in order to verify the card with the customer.

Bin: Contains the first six digits of the actual credit card number in order to perform Level II and III Discounting on the card during deposit processing.

Invoice Payment Method

The system does not perform any updates prior to sending the credit card number for tokenization.

3. Generates a Register Token Request XML Message and sends it to the authorization service, using the outbound MQ queue defined in the CC_TOKEN integration layer job.

4. Waits for a response from the authorization service, using the wait time defined for the CC_TOKEN job.

CWDirect receives the Register Token Response XML Message from the authorization service.

What Happens When a Token is Returned?

If a token is returned in the Register Token Response XML Message, the system:

• Bypasses credit card validation since the card number is a token, rather than the actual card number.

• Updates the record with the token:

Order Entry, Order Maintenance, Batch Order Entry

Updates the record in the Order Payment Method file:

Credit card number: Contains the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

Replaces the credit card number that displays on the screen with the token.

Order API

Updates the record in the Order Payment Method file:

Credit card number: Contains the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

If the order is eligible for online authorization, generates the Authorization Request XML Message (CWAuthorizationRequest) and sends it to the authorization service with the tokenized tag set to Y; see Performing Online Credit Card Authorization on Web Orders and Credit Card Tokenization During Authorization Processing.

Once online authorization processing completes, the system generates the Detailed Order XML Response (CWORDEROUT) or Order Acknowledgement XML Message (CWORDEROUT), based on the response_type defined for the order.

Customer Membership

Updates the record in the Customer Membership file:

Credit card number: Contains the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

Replaces the credit card number that displays on the screen with the token.

Invoice Payment Method

Updates the Credit card number in the Invoice Payment Method file and Order Payment Method file with the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Note: The system retains the Tokenized, CC Last 4, and Bin values in the Order Payment Method file for the original credit card number.

Replaces the credit card number that displays on the screen with the token.

Batch Tokenization

Updates the record in the Order Payment Method file:

Credit card number: Contains the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

• Replaces the credit card number in other order-related files with the token returned in the Register Token Response XML Message:

• Invoice Payment Method (CSINVP): Credit Card #

• Authorization Hist Print (AUTHPT): Credit Card Number

• CC Deposit History (CCDPHI): Credit Card #

• RA Exch Payment Method (CSRAPM): Credit Card Number

If the Process non-order related files field was selected for the batch tokenization process, the system updates the record in the Customer Membership file:

Credit card number: Contains the token returned in the Register Token Response XML Message. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

What Happens When a Token is Not Returned?

If a token is not returned in the Register Token Response XML Message or if a response is not received within the Wait time defined for the CC_TOKEN job, the system performs the following updates:

Order Entry, Order Maintenance, Batch Order Entry

If the Require Credit Card Token (L40) system control value is set to N, the system updates the record in the Order Payment Method file:

Credit card number: Contains the credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: N indicates the credit card number has not been replaced with a token.

If the Require Credit Card Token (L40) system control value is set to Y, the system displays the Tokenization Warning window, requiring you to enter a different form of payment on the order before it can be accepted:

The card could not be processed at this time.

Please provide a different form of payment.

Order API

If the order is eligible for online authorization, generates the Authorization Request XML Message (CWAuthorizationRequest) and sends it to the authorization service with the tokenized tag set to N; see Performing Online Credit Card Authorization on Web Orders.

The authorization service will attempt to replace the credit card with a token during online authorization processing.

If a token is returned in the Authorization Response XML Message (CWAuthorizationResponse), the system performs the same updates that occur when a successful Register Token Response XML Message is received.

If a token is not returned in the Authorization Response XML Message (CWAuthorizationResponse), or if a response is not received within the Wait time defined for the Online Authorization job, or if the order is not eligible for online authorization, the system performs the following updates.

If the Require Credit Card Token (L40) system control value is set to N, the system updates the record in the Order Payment Method file:

Credit card number: Contains the credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: N indicates the credit card number has not been replaced with a token.

If the Require Credit Card Token (L40) system control value is set to Y, the system:

• Replaces the credit card number with the text TOKENIZATION FAILED.

• Updates the order to an error status and generates the Detailed Order XML Response (CWORDEROUT) or Order Acknowledgement XML Message (CWORDEROUT), based on the response_type defined for the order. The error message assigned to the order is Invalid Credit Card.

• Places the order in the Default Batch for E-Commerce Orders in Error (G41).

You can correct the credit card payment in batch order entry. To resend the card number for tokenization, you must delete the pay type and reenter it on the order.

Customer Membership

If the Require Credit Card Token (L40) system control value is set to N, the system updates the record in the Customer Membership file:

Credit card number: Contains the credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: N indicates the credit card number has not been replaced with a token.

If the Require Credit Card Token (L40) system control value is set to Y, the system displays the Tokenization Warning window, requiring you to enter a different form of payment on the customer membership before it can be updated:

The card could not be processed at this time.

Please provide a different form of payment.

Invoice Payment Method

If the Require Credit Card Token (L40) system control value is set to N, the system updates the Credit card number in the Invoice Payment Method file and Order Payment Method file with the new credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Note: The system retains the Tokenized, CC Last 4, and Bin values in the Order Payment Method file for the original credit card number.

If the Require Credit Card Token (L40) system control value is set to Y, the system displays the Tokenization Warning window, requiring you to define a different credit card number or keep the existing number and try changing it at a later time:

The card could not be processed at this time.

Please provide a different form of payment.

Batch Tokenization

If the Require Credit Card Token (L40) system control value is set to N, the system does not perform any updates.

If the Require Credit Card Token (L40) system control value is set to Y, the system:

• For orders, updates the Order Payment Method file:

Credit card number: Contains the credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: N indicates the credit card number has not been replaced with a token.

• For customer memberships, updates the Customer Membership file:

Credit card number: Contains the credit card number. If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: N indicates the credit card number has not been replaced with a token.

Additional Tokenization Notes

Credit card authorization:

• If the credit card number has been replaced with a token, the system sends the token to the authorization service in the Authorization Request XML Message (CWAuthorizationRequest).

• If the credit card number has not been replaced with a token, the system sends the actual credit card number to the authorization service in the Authorization Request XML Message (CWAuthorizationRequest). The authorization service will replace the credit card number with a token during authorization processing and return the token in the Authorization Response XML Message (CWAuthorizationResponse).

See Credit Card Tokenization During Authorization Processing for more information.

Changing a tokenized credit card payment during order entry/maintenance: You cannot change a credit card pay type whose number has been replaced with a token; the Pay type and Credit card number are display-only fields. To change the credit card number on an existing credit card payment that has been tokenized, you must deactivate or delete the payment method and reenter it.

Changing a non-tokenized credit card payment during batch order entry/order maintenance: If you change a credit card payment that has not been tokenized, the system does not send the credit card for tokenization; you must deactivate or delete the payment method and reenter it.

Tokenization and Credit Card Number Scan screens:

You can scan on the credit card number at the following CWDirect screens:

Order Maintenance Selection Screen

Order Inquiry Scan Screen

Select Orders For Return Authorization Screen

However, if you use credit card tokenization, you will not be able to scan on the credit card number on these CWDirect screens since the credit card number has been replaced with a token.

Storing a customer’s credit card: If the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value is set to N or blank, the system stores the customer’s credit card number and expiration date that were most recently used on an order in the Customer Sold To Order History and Customer Ship To Order History files. However, the number stored may be a token rather than the actual credit card number.

Note: To follow PCI compliance and maximum security of sensitive data, enter Y in the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value.

Enter Credit Card For window: The system automatically displays the Enter Credit Card For Window (Credit Card Payment Type) in order entry if you defined a default payment method on the Request Order Batch screen or in the Default Previous Pay Type in Order Entry (D64) system control value and the credit card pay type is not associated with an authorization service whose Use Tokenization field is Y.

Miscellaneous fraud: You cannot create a miscellaneous fraud based on credit card in Working with Miscellaneous Frauds (WMFF) since a token rather than the credit card is stored in the CWDirect database.

Tokenization when generating membership orders: When you generate membership orders, the system looks at the setting of the Tokenized field for the Customer Membership:

• If the Tokenized field for the customer membership is Y, the system bypasses credit card validation since the card number is a token, rather than the actual card number.

• If the Tokenized field for the customer membership is N or blank, the system performs credit card validation since the card number is the actual credit card number and not a token. You can use Work with Batch Tokenization (WBTK) to replace the card number with a token or the system will send the credit card number for tokenization during batch authorizations; see Credit Card Tokenization During Authorization Processing.

Credit Card Tokenization During Authorization Processing

The tokenized tag in the Authorization Request XML Message (CWAuthorizationRequest) defines whether the credit card number in the request is the actual credit card number or a token received by the authorization service during the Credit Card Tokenization Process.

Y = The credit card number in the CWAuthorizationRequest is a token.

N = The credit card number in the CWAuthorizationRequest is the actual credit card number.

The system includes the tokenized tag in the CWAuthorizationRequest message only if the pay type is eligible for tokenization. To be eligible for tokenization the Use Tokenization field for the authorization service defined for the pay type must be Y.

Tokenized Setting

Results

Tag not included

The system does not perform tokenization during authorization processing.

N

The authorization service processes the authorization request and generates a token for the credit card number sent in the Authorization Request XML Message (CWAuthorizationRequest).

The authorization service returns the authorization response and the token in the Authorization Response XML Message (CWAuthorizationResponse):

• The ccAccountNumber tag contains the token.

• The tokenized tag is set to Y indicating the credit card number has been replaced with a token.

When CWDirect processes the authorization response, the system updates the record in the Order Payment Method file:

Credit card number: Contains the token returned in the Authorization Response XML Message (CWAuthorizationResponse). If you Use Credit Card Encryption (I97), the system encrypts the number; see Using Credit Card Encryption and Data Security.

Tokenized: Y indicates the credit card number has been replaced with a token.

If a token is not returned: If a token is not returned in the CWAuthorizationResponse message, the system does not update the Credit card number in the Order Payment Method record and sets the Tokenized field to N. You can use Work with Batch Tokenization (WBTK) to resend the card for tokenization. Note: You must obtain a token before running deposits for an order that contains an eligible credit card pay type; the deposit service will not provide a token for a credit card number.

Y

The authorization service processes the authorization request using the token from the Order Payment Method record and returns the same token in the Authorization Response XML Message (CWAuthorizationResponse).
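The tokenized-tag rules in the table above, modelled as an added example (this is not CWDirect code). The record dictionaries, card numbers, token value and trimmed response messages are constructed for illustration; only the tokenized and ccAccountNumber names and the Y/N outcomes come from this topic.

```python
import xml.etree.ElementTree as ET

# Constructed responses, trimmed to the attributes this topic describes.
RESPONSES = {
    "00001431": ('<Message><CWAuthorizationResponse>'
                 '<AuthResponse orderID="00001431" '
                 'ccAccountNumber="TKNEXAMPLE000009" tokenized="Y" />'
                 '</CWAuthorizationResponse></Message>'),
    "00001432": ('<Message><CWAuthorizationResponse>'
                 '<AuthResponse orderID="00001432" '
                 'ccAccountNumber="" tokenized="N" />'
                 '</CWAuthorizationResponse></Message>'),
}

# Constructed Order Payment Method records (hypothetical field names).
RECORDS = [
    {"order": "00001431", "card_number": "4000000000000009",
     "tokenized": "N", "use_tokenization": "Y"},
    {"order": "00001432", "card_number": "4000000000000017",
     "tokenized": "N", "use_tokenization": "Y"},
    {"order": "00001433", "card_number": "TKNEXAMPLE000025",
     "tokenized": "Y", "use_tokenization": "Y"},
    {"order": "00001434", "card_number": "4000000000000033",
     "tokenized": "", "use_tokenization": "N"},
]


def request_tokenized_tag(use_tokenization, record_tokenized):
    """Value of the tokenized tag in the request, or None when it is omitted."""
    if use_tokenization != "Y":
        return None  # pay type not eligible: tag not included
    return "Y" if record_tokenized == "Y" else "N"


def apply_auth_response(record, sent_tag, response_xml):
    """Return the record as it looks after the authorization response."""
    updated = dict(record)
    if sent_tag != "N":
        # Tag omitted: no tokenization. Tag Y: the same token comes back.
        return updated
    resp = ET.fromstring(response_xml).find(".//AuthResponse")
    token = resp.get("ccAccountNumber") if resp is not None else None
    if resp is not None and resp.get("tokenized") == "Y" and token:
        updated["card_number"], updated["tokenized"] = token, "Y"
    else:
        # No token returned: card number is left alone, Tokenized is N.
        updated["tokenized"] = "N"
    return updated


def authorize_batch(records, responses):
    """Apply the table's rules to every record; a missing response means no token."""
    results = []
    for rec in records:
        tag = request_tokenized_tag(rec["use_tokenization"], rec["tokenized"])
        xml = responses.get(rec["order"], "<Message/>")
        results.append(apply_auth_response(rec, tag, xml))
    return results


def needs_token_before_deposit(records):
    """Orders with an eligible pay type that still hold an actual card number."""
    return [r["order"] for r in records
            if r["use_tokenization"] == "Y" and r["tokenized"] != "Y"]


if __name__ == "__main__":
    after = authorize_batch(RECORDS, RESPONSES)
    print(needs_token_before_deposit(after))
```

The list returned by needs_token_before_deposit corresponds to the orders you would resend through Work with Batch Tokenization (WBTK) before running deposits.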

Work with Batch Tokenization (WBTK)

Use this menu option to replace the credit card number with a token for a specified range of orders or eligible customer memberships. You can continue working with CWDirect as you replace the card number with a token.

Batch Tokenization Screen

Use this screen to replace the credit card number with a token for a selected range of orders and for eligible credit cards in the Customer Membership file.

How to display this screen: Enter WBTK in the Fast path field or select Work with Batch Tokenization from a menu.

OER1588 ENTER Batch Tokenization 3/18/11 13:44:14

KAB Co2 Karen Bottger Company

From Order to

Process non-order related files N (Y/N)

F3=Exit F9=Accept F12=Cancel

Field

Description

From Order

The number of the first order in the order range you wish to include in the Credit Card Tokenization Process.

The From order number must be less than the To order number.

Numeric, 8 positions; required.

To Order

The number of the last order in the order range you wish to include in the Credit Card Tokenization Process.

The To order number must be equal to or greater than the From order number.

Numeric, 8 positions; required.

Process non-order related files

Defines whether the system performs the Credit Card Tokenization Process for the credit card number in the Customer Membership file.

Y = The system sends credit card numbers in the Customer Membership file to the authorization service for tokenization.

N = The system does not send credit card numbers in the Customer Membership file to the authorization service for tokenization.

Screen Option

Procedure

Submit the Batch Tokenization Process

1. Enter the range of orders whose credit card numbers you wish to replace with a token on the Batch Tokenization Screen.

2. Enter Y in the Process non-order related files field if you wish to replace credit card numbers with a token in the Customer Membership file.

3. Press Enter to validate your entries. Correct any errors and press F9 to submit the Batch Tokenization process. The system submits the BATCH_TOKN job.

See Credit Card Tokenization Process for the updates the system performs.

Tokenization: Sample Messages

Tokenization During Order Processing: Sample Messages

Tokenization During Customer Membership: Sample Messages

Tokenization During Online Authorization: Sample Messages

Tokenization During Batch Authorization: Sample Messages

Tokenization During Order Processing: Sample Messages

A sample of the Register Token transaction that is generated for an eligible credit card pay type on an order is provided below.

Register Token Request:

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.REGTOKENIN">

<CWAuthorizationRequest mode="Online">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="NO" />

<AuthRequest companyID="554" createDate="04122011" orderType="Mail" transactionType="Debit" merchantReference="5540000143100000" transactionSeqNumber="000000000000000" orderID="00001431" paymentID="00" authID="000" payCategory="Credit card" vendorPaymentMethod="VI" cardType="Credit Card" actionCode="RegToken" ccAccountNumber="************0009" expirationDate="" authAmountText=".00" authAmount="00" currencyCode="" CIDNumber="" CIDIndicator="" ecommerceIndicator="NO" firstName="" lastName="" addressLine1="" city="" state="" zip="" country="" phoneType="" phoneNumber="" tokenized="N" email="" />

</CWAuthorizationRequest>

</Message>

Register Token Response:

 

<Message>

<CWAuthorizationResponse>

<AuthResponse companyID="554" merchantReference="5540000143100000" orderID="00001431" paymentID="00" authID="000" ccAccountNumber="************0009" transactionID="819793331402834991" tokenized="Y" />

</CWAuthorizationResponse>

</Message>

Tokenization During Customer Membership: Sample Messages

A sample of the Register Token transaction that is generated for an eligible credit card pay type on a customer membership is provided below.

Register Token Request:

 

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.REGTOKENIN">

<CWAuthorizationRequest mode="Online">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="NO" />

<AuthRequest companyID="554" createDate="04122011" orderType="Phone" transactionType="Debit" merchantReference="5540033143100000" transactionSeqNumber="000000000000000" orderID="00000000" paymentID="00" authID="000" payCategory="Credit card" vendorPaymentMethod="VI" cardType="Credit Card" actionCode="RegToken" ccAccountNumber="************0009" expirationDate="" authAmountText=".00" authAmount="00" currencyCode="" CIDNumber="" CIDIndicator="" ecommerceIndicator="NO" firstName="" lastName="" addressLine1="" city="" state="" zip="" country="" phoneType="" phoneNumber="" tokenized="N" email="" />

</CWAuthorizationRequest>

</Message>

Register Token Response:

 

<Message>

<CWAuthorizationResponse>

<AuthResponse companyID="554" merchantReference="5540033143100000" orderID="00331431" paymentID="00" authID="000" ccAccountNumber="************0009" transactionID="819793331159615361" tokenized="Y" />

</CWAuthorizationResponse>

</Message>

Tokenization During Online Authorization: Sample Messages

A sample of an Online Authorization transaction that also replaces the credit card number with a token is provided below.

Online Authorization Request:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.ONLINEAUTHINV2">

<CWAuthorizationRequest mode="Online">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<AuthRequest companyID="554" createDate="04012011" orderType="Mail" transactionType="Debit" merchantReference="5540000135201001" transactionSeqNumber="000000000000162" orderID="00001352" paymentID="01" authID="001" payCategory="Credit card" vendorPaymentMethod="VI" cardType="Credit Card" actionCode="Authorization" ccAccountNumber="************0009" expirationDate="1212" authAmountText="20.50" authAmount="2050" currencyCode="" CIDNumber="" CIDIndicator="" ecommerceIndicator="NO" firstName="JOHN" lastName="SMITH" addressLine1="1 MAIN ST" city="BURLINGTON" state="MA" zip="01803-3747" country="USA" phoneType="" phoneNumber="" tokenized="N" email="" />

</CWAuthorizationRequest>

</Message>

Online Authorization Response:

 

<Message source="CWIntegrate" target="CWDirect" type="CWAuthorizationResponse" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.ONLINEAUTHIN">

<CWAuthorizationResponse mode="Online" type="Detail" action="Response">

<AuthResponse companyID="554" merchantID="001301" merchantReference="5540000135201001" orderID="00001352" paymentID="01" authID="001" ccAccountNumber="************0009" authNumber="11111" authDate="04012011" vendorResponse1="000" avsResponse="11" actionCode="Authorization" transactionID="27200002812019" tokenized="Y" />

</CWAuthorizationResponse>

</Message>

Tokenization During Batch Authorization: Sample Messages

A sample of a Batch Authorization transaction that also replaces the credit card number with a token is provided below.

Batch Authorization Request: Sample Messages

Header message:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHINV2">

<CWAuthorizationRequest mode="Batch" type="Header">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" createDate="03292011" testProductionFlag="PROD" />

</CWAuthorizationRequest>

</Message>

Detail message:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHINV2">

<CWAuthorizationRequest mode="Batch" type="Detail">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<AuthRequest companyID="554" createDate="03292011" orderType="Mail" transactionType="Debit" merchantReference="5540000133801001" transactionSeqNumber="000000000000000" orderID="00001338" paymentID="01" authID="001" payCategory="Credit card" vendorPaymentMethod="VI" cardType="Credit Card" actionCode="Authorization" ccAccountNumber="************0009" expirationDate="1212" authAmountText="20.50" authAmount="2050" currencyCode="" CIDNumber="" CIDIndicator="" ecommerceIndicator="NO" firstName="JOHN" lastName="SMITH" addressLine1="1 MAIN ST" city="BURLINGTON" state="MA" zip="01803-3747" country="USA" phoneType="" phoneNumber="" tokenized="N" email="" />

</CWAuthorizationRequest>

</Message>

Summary message:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHINV2">

<CWAuthorizationRequest mode="Batch" type="Summary">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" createDate="03292011" debitAmount="2050" debitCount="1" creditAmount="00" creditCount="0" totalAmount="2050" totalCount="3" testProductionFlag="PROD" />

</CWAuthorizationRequest>

</Message>

Footer message:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHINV2">

<CWAuthorizationRequest mode="Batch" type="Footer">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" createDate="03292011" debitAmount="2050" debitCount="1" creditAmount="00" creditCount="0" totalAmount="2050" totalCount="4" testProductionFlag="PROD" />

</CWAuthorizationRequest>

</Message>

Send message:

 

<Message source="RDC" target="IL" type="CWAuthorizationRequest" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHINV2">

<CWAuthorizationRequest mode="Batch" type="Send">

<Service serviceID="LTL" />

<Merchant companyID="554" merchantID="001301" merchantSubID="" merchantName="LITLE" merchantDivision="" chargeDescription="LITLE" receivingCode="" startupInfo="" signon="MICROSCW" password="cert4g3s" presentersID="" pidPassword="" submittersID="" sidPassword="" industryFormatCode="" addressVerificationFlag="YES" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" createDate="03292011" testProductionFlag="PROD" />

</CWAuthorizationRequest>

</Message>

Batch Authorization Response: Sample Messages

Send message:

 

<Message source="CWIntegrate" target="CWDirect" type="CWAuthorizationResponse" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHIN">

<CWAuthorizationResponse mode="Batch" type="Send" action="Sent">

<AuthResponse companyID="554" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" />

</CWAuthorizationResponse>

</Message>

Receive message:

 

<Message source="CWIntegrate" target="CWDirect" type="CWAuthorizationResponse" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHIN">

<CWAuthorizationResponse mode="Batch" type="Receive" action="Receiving">

<AuthResponse companyID="554" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" />

</CWAuthorizationResponse>

</Message>

Detail message:

 

<Message source="CWIntegrate" target="CWDirect" type="CWAuthorizationResponse" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHIN">

<CWAuthorizationResponse mode="Batch" type="Detail" action="Response">

<AuthResponse merchantID="001301" merchantReference="5540000133801001" ccAccountNumber="************0009" authNumber="11111" authDate="03292011" vendorResponse1="000" avsResponse="11" transactionID="819793233427988515" tokenized="Y" />

<BatchInfo merchantFileTrace="87" />

</CWAuthorizationResponse>

</Message>

Footer message:

 

<Message source="CWIntegrate" target="CWDirect" type="CWAuthorizationResponse" resp_qmgr="CWIAS400" resp_q="CWDIRECT.LITLE.BATCHAUTHIN">

<CWAuthorizationResponse mode="Batch" type="Footer" action="Complete">

<AuthResponse companyID="554" />

<BatchInfo fileType="AUTH" merchantFileTrace="87" />

</CWAuthorizationResponse>

</Message>

Register Token Request XML Message

The Register Token Request contains credit card information to send from CWDirect to the authorization service for tokenization during the Credit Card Tokenization Process.

CWDirect creates the Register Token Request using the Authorization Request XML message (CWAuthorizationRequest) in Online mode; because of this, only the elements and attributes specific to credit card tokenization are explained below. See Authorization Request XML Message (CWAuthorizationRequest) for more information on the additional values in this message.

Sample messages: See Tokenization: Sample Messages.

| Attribute Name | Type | Length | Comments |
|---|---|---|---|
| Message | | | This element is always included. See Message for more information on the attributes for this element. |
| CWAuthorizationRequest | | | This element is always included. |
| mode | alpha | 10 | Indicates the mode of communication. Online displays for Register Token Requests. |
| Service | | | This element is always included. |
| serviceID | alpha | 3 | Service bureau code. This is the ASV Auth service code field in the Authorization Service file. |
| Merchant | | | This element is always included. See Merchant for more information on the attributes for this element. |
| AuthRequest | | | This element is always included. The attributes populated for a Register Token Request are described below. |
| companyID | alpha | 3 | The company from where the request was sent. From the Company in the Order Payment Method or Customer Membership file. |
| createDate | numeric | 8 | The date (in MMDDYYYY format) the request was sent to the service bureau. |
| orderType | alpha | 8 | Indicates the type of order, for example phone order or mail order, where the card is located. Mail = Mail order. Phone = Telephone order. Internet = Web order. CWDirect: • Looks at the value in the Internet order field in the Order Header file. If this field is set to I, the order is a web order. • Determines if the order type for the order matches the order type defined in the E-Commerce Order Type (G42) system control value. If the order type matches, the order is a web order. • Looks at the value defined in the Forecasting order category field in the Order Type file. If this value is 1, the order is a mail order. If this value is 2, the order is a phone order. |
| transactionType | alpha | 10 | Indicates if the transaction is a debit or credit. Debit displays for Register Token Requests. |
| merchantReference | numeric | 20 | A unique number made up of the CWDirect company code + order number + order payment method sequence number + authorization sequence number. For Register Token transactions, the order payment method sequence number and authorization sequence number are zero-filled. From Company and Order # in the Order Payment Method file. |
| transactionSeqNumber | numeric | 15 | 000000000000000 displays for Register Token Requests. |
| orderID | numeric | 8 | The order number associated with the transaction. From the Order # in the Order Payment Method file. If the Register Token Request is for a membership, 00000000 displays. |
| paymentID | numeric | 2 | 00 displays for Register Token Requests. |
| authID | numeric | 3 | 000 displays for Register Token Requests. |
| payCategory | numeric | 15 | A description of the pay category associated with the credit card request. Credit card displays, indicating the credit card is associated with the credit card pay category. This is the description associated with the Pay category field defined for the credit card pay type in the Pay Type file. |
| vendorPaymentMethod | alpha | 5 | The vendor paytype code associated with the credit card transaction; this is the code the service bureau uses to identify a method of payment. This is the CPC vendor paytype/code field defined for the credit card pay type in the CC Paytype Cross Ref file. |
| cardType | alpha | 10 | Indicates the type of card being processed. Credit card displays for Register Token Requests. |
| actionCode | alpha | 10 | Indicates the action to take against the card being processed. RegToken = Register token. |
| ccAccountNumber | alpha | 20 | The credit card number to replace with a token. From the Credit card number in the Order Payment Method or Customer Membership file. If you use credit card encryption, the system decrypts the credit card number before sending it to the service bureau. See Using Credit Card Encryption and Data Security for an overview. |
| authAmountText | numeric | 10.2 | The transaction amount, including decimals. .00 displays for Register Token Requests. |
| authAmount | numeric | 10 | The transaction amount, with implied decimals. 00 displays for Register Token Requests. |
| tokenized | alpha | 1 | Defines whether the number in the ccAccountNumber is the actual credit card number or a token received from the authorization service during the Credit Card Tokenization Process. Valid values: Y = The number in the ccAccountNumber is a token. N or blank = The number in the ccAccountNumber is the actual credit card number. From the Tokenized field in the Order Payment Method or Customer Membership file. Available in XML version: 5.0 (CWDirect version 14.0). |
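Because ccAccountNumber carries the decrypted card number whenever tokenized is N or blank, and the Merchant element carries the signon password, a Register Token Request needs scrubbing before it is written to a trace or log file. The following Python code is an added example, not part of CWDirect; the function names, the [REDACTED] marker and the sample values (a test card number and a made-up password) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes that carry credentials or card security codes in the messages
# documented on this page (Merchant and AuthRequest elements).
SECRET_ATTRS = {"password", "pidPassword", "sidPassword", "CIDNumber"}

# Constructed sample: a Register Token Request with a test card number and a
# made-up password; neither value comes from a real system.
SAMPLE_REQUEST = (
    '<Message source="RDC" target="IL" type="CWAuthorizationRequest">'
    '<CWAuthorizationRequest mode="Online">'
    '<Service serviceID="LTL" />'
    '<Merchant companyID="554" signon="EXAMPLE" password="example-secret" />'
    '<AuthRequest companyID="554" actionCode="RegToken" '
    'ccAccountNumber="4111111111111111" CIDNumber="" tokenized="N" />'
    '</CWAuthorizationRequest></Message>'
)


def mask_account_number(value):
    """Keep only the last four characters, as the page's samples do."""
    if len(value) <= 4:
        return "*" * len(value)
    return "*" * (len(value) - 4) + value[-4:]


def redact_message(xml_text):
    """Return (loggable_xml, carried_card_number) for one message.

    carried_card_number is True when any ccAccountNumber was sent with
    tokenized="N" or blank, i.e. the message held an actual card number.
    """
    root = ET.fromstring(xml_text)
    carried_card_number = False
    for elem in root.iter():
        for name in SECRET_ATTRS & set(elem.attrib):
            if elem.get(name):
                elem.set(name, "[REDACTED]")
        number = elem.get("ccAccountNumber")
        if number:
            if elem.get("tokenized", "") != "Y":
                carried_card_number = True
            # Tokens are masked too, so one rule covers both cases.
            elem.set("ccAccountNumber", mask_account_number(number))
    return ET.tostring(root, encoding="unicode"), carried_card_number


if __name__ == "__main__":
    redacted, had_pan = redact_message(SAMPLE_REQUEST)
    print(redacted)
    print("carried an actual card number:", had_pan)
```

The returned flag lets a log pipeline count how many messages still carry actual card numbers, which should fall toward zero once batch tokenization has run.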

Register Token Response XML Message

The register token response indicates whether the credit card number has been replaced with a token.

The system creates the register token response using the Authorization Response XML Message (CWAuthorizationResponse) in Online mode; because of this, only the elements and attributes specific to the register token process are explained below. See Authorization Response XML Message (CWAuthorizationResponse) for more information on the additional values in this message.

| Attribute Name | Type | Length | Comments |
|---|---|---|---|
| Message | | | This element is always included. See Message for more information on the attributes for this element. |
| CWAuthorizationResponse | | | This element is always included. See CWAuthorizationResponse for more information on the attributes in this element. |
| AuthResponse | | | This element is always included. The attributes populated for a Register Token Response are described below. |
| companyID | alpha | 3 | The company from which the Register Token Request was sent. |
| merchantReference | numeric | 15 | A unique number made up of the CWDirect company code + order number + order payment method sequence number + authorization sequence number. For Register Token transactions, the order payment method sequence number and authorization sequence number are zero-filled. The system uses this number to match the response to the appropriate record in the Order Payment Method or Customer Membership file. |
| orderID | numeric | 8 | The order number associated with the Register Token transaction. |
| paymentID | numeric | 2 | 00 displays for Register Token transactions. |
| authID | numeric | 3 | 000 displays for Register Token transactions. |
| ccAccountNumber | alpha | 20 | The token, if the credit card number was successfully tokenized by the authorization service; otherwise, this is the credit card number that requested tokenization. Updates the Credit Card Number in the Order Payment Method file or Customer Membership file. |
| transactionID | alpha | 40 | The transaction ID assigned by the authorization service to the Register Token transaction. Available in XML version: 3.0 (version 12.5 of CWDirect). |
| tokenized | alpha | 1 | Defines whether the number in the ccAccountNumber tag is the actual credit card number or a token. Valid values: Y = The number in the ccAccountNumber tag is a token. N or blank = The number in the ccAccountNumber tag is the actual credit card number. Updates the Tokenized field in the Order Payment Method or Customer Membership file. Available in XML version: 4.0 (version 14.0 of CWDirect). |
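The matching and update rules described for the Register Token Response, worked through in Python as an added example (not CWDirect code). PaymentRecord, the pending dictionary and the 3/8/2/3 split of merchantReference are assumptions; the split is inferred from the 16-digit sample values, and the response text is the order-processing sample from this page.

```python
import xml.etree.ElementTree as ET

# Register Token Response copied from the order-processing sample on this page.
SAMPLE_RESPONSE = (
    '<Message><CWAuthorizationResponse>'
    '<AuthResponse companyID="554" merchantReference="5540000143100000" '
    'orderID="00001431" paymentID="00" authID="000" '
    'ccAccountNumber="************0009" '
    'transactionID="819793331402834991" tokenized="Y" />'
    '</CWAuthorizationResponse></Message>'
)


class PaymentRecord:
    """Hypothetical stand-in for an Order Payment Method or Customer Membership row."""

    def __init__(self, card_number, tokenized="N"):
        self.card_number = card_number
        self.tokenized = tokenized


def split_merchant_reference(ref):
    """Split company + order + payment sequence + authorization sequence.

    The 3/8/2/3 widths are an assumption read off the 16-digit samples.
    """
    if len(ref) != 16 or not ref.isdigit():
        raise ValueError("unexpected merchantReference: %r" % ref)
    return ref[:3], ref[3:11], ref[11:13], ref[13:16]


def apply_register_token_response(xml_text, pending):
    """Update the pending record that the response refers to and return it.

    pending maps merchantReference -> PaymentRecord for outstanding requests.
    """
    resp = ET.fromstring(xml_text).find("./CWAuthorizationResponse/AuthResponse")
    if resp is None:
        raise ValueError("no AuthResponse element")
    ref = resp.get("merchantReference", "")
    company, _order, payment_seq, auth_seq = split_merchant_reference(ref)
    # Register Token transactions zero-fill both sequence numbers.
    if (payment_seq, auth_seq) != ("00", "000"):
        raise ValueError("not a Register Token reference")
    if resp.get("companyID") != company:
        raise ValueError("companyID disagrees with merchantReference")
    if ref not in pending:
        raise KeyError("response matches no outstanding request")
    record = pending[ref]
    if resp.get("tokenized", "") == "Y":
        token = resp.get("ccAccountNumber", "")
        if not token:
            raise ValueError("tokenized=Y without a ccAccountNumber")
        record.card_number, record.tokenized = token, "Y"
    # N or blank: ccAccountNumber is still the card number; nothing to replace.
    return record
```

Rejecting a response whose merchantReference matches no outstanding request keeps an unsolicited or misrouted message from overwriting a stored card number.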

SO15_02 CWDirect 18.0.x 2018 OTN